XLTS for AngularJS v1.5.22 Released
May 21, 2024
Sep 9, 2024
v1.5.22
Bug Fixes
- $compile: always sanitize image sources on
<source>
element- This fixes a Medium Severity Content Spoofing vulnerability (CVE-2024-8373).
- srcset: prevent bypassing image source sanitization with
(ng(Attr/Prop))Srcset
- This fixes a Medium Severity Content Spoofing vulnerability (CVE-2024-8372).
FAQ
Updated: March 5, 2024
The first high-severity CVE since AngularJS End of Life has been officially reported. For AngularJS Never-Ending Support (formerly XLTS) clients, we found this CVE last year and issued a fix immediately. For all others, as Google’s official AngularJS long-term support partner, we encourage you to either:
- Migrate off of AngularJS, or
- Contact HeroDevs about how you can keep your AngularJS environment secure, compliant, and compatible indefinitely.
May 21, 2024
Sep 9, 2024